Security and platform trust
A concise statement of controls implemented today. This page does not claim certifications or assurance work that RemitScan has not published.
Separated application surfaces
Public intelligence is served without login at www.remitscan.eu. Market-participant workspaces are served at mp.remitscan.eu. Administrative tools are served at admin.remitscan.eu. Private surfaces are excluded from indexing.
Authentication and authorisation
Private surfaces use Firebase Authentication. API requests verify Firebase identity tokens, administrative operations require an administrative role, and tenant data access is constrained by backend checks and database row-level security.
Data protection
Data is encrypted in transit and at rest. Production access is restricted to authorised personnel. Public, market-participant, and administrative deployments have separate route and API-proxy allowlists.
Auditability
Public comparison signals retain source references, relevant timestamps, rule and configuration versions, and calculation inputs. Outputs support investigation and do not make legal compliance determinations.
Hosting and enquiries
Current service providers are listed in the privacy policy. Contractual, vendor-risk, and security enquiries can be sent to contact@remitscan.eu.